Exim question for Chirpy

CaMer0n

Dear chirpy,

Could you please tell me if this Exim config is correct?
Most of the mails about this subject, on this board, are at least 3 years old.
I just received a spam from an IP that is on one of the Spamhaus lists, so maybe I'm doing something wrong?

Thanks in advance,
Cameron


Code:
#!!# ACL that is used after the RCPT command
check_recipient:
  # Exim 3 had no checking on -bs messages, so for compatibility
  # we accept if the source is local SMTP (i.e. not over TCP/IP).
  # We do this by testing for an empty sending host field.
  accept  hosts = :


  # Accept bounces to lists even if callbacks or other checks would fail
  warn     message      = X-WhitelistedRCPT-nohdrfromcallback: Yes
           condition    = \
           ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                     {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
                {yes}{no}}

  accept   condition    = \
           ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                     {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
                {yes}{no}}


  # Accept bounces to lists even if callbacks or other checks would fail
  warn     message      = X-WhitelistedRCPT-nohdrfromcallback: Yes
           condition    = \
           ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                     {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
                {yes}{no}}

  accept   condition    = \
           ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                     {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
                {yes}{no}}

  #if it gets here it isn't mailman
                                                                                                                                           
  #sender verifications are required for all messages that are not sent to lists
                                                                                                                                           
  require verify = sender
  accept  domains = +local_domains
  endpass
                                                                                                                                           
  #recipient verifications are required for all messages that are not sent to the local machine
  #this was done at multiple users requests
                                                                                                                                           
  message = "The recipient cannot be verified.  Please check all recipients of this message to verify they are valid."
  verify = recipient
                                                                                                                                           
  accept  domains = +relay_domains

  warn  message = ${perl{popbeforesmtpwarn}{$sender_host_name}}
        hosts = +relay_hosts
  accept  hosts = +relay_hosts
                                                                                
  warn  message = ${perl{popbeforesmtpwarn}{$sender_host_address}}
        condition = ${perl{checkrelayhost}{$sender_host_address}}
  accept  condition = ${perl{checkrelayhost}{$sender_host_address}}

  accept  hosts = +auth_relay_hosts
          endpass
          message = $sender_fullhost is currently not permitted to \
                        relay through this server. Perhaps you \
                        have not logged into the pop/imap server in the \
                        last 30 minutes or do not have SMTP Authentication turned on in your email client.
          authenticated = *

  deny    message = $sender_fullhost is currently not permitted to \
                        relay through this server. Perhaps you \
                        have not logged into the pop/imap server in the \
                        last 30 minutes or do not have SMTP Authentication turned on in your email client.


#!!# ACL that is used after the DATA command
check_message:
  require verify = header_sender

# Check sending hosts against DNS black lists.
# Reject message if address listed in blacklist.
deny message = rejected because $sender_host_address is blacklisted at $dnslist_domain\n $dnslist_text
dnslists = relays.ordb.org : list.dsbl.org : blackholes.easynet.nl : spamsites.relays.osirusoft.com : sbl.spamhaus.org : xbl.spamhaus.org : blackholes.mail-abuse.org

  accept

# Allow mail to postmaster on blacklisted local domains
# Mail to postmaster is never blocked by any subsequent tests.
accept local_parts = postmaster
domains = +local_domains

# Requires the sender address to be verified.
require verify = sender
 

nickp666

The ACL is in the wrong place, that's all; it needs to be at the RCPT stage instead of DATA.
 

nickp666

CaMer0n said:
Thanks Nick.
Would you be able to post the whole correct text?
Sorry, I'm a complete newbie to this, and don't want to mess up the mail on our server.

Thanks in advance.
This should do it (I only copied and pasted your original post, so if there are errors it's down to that).

Code:
#!!# ACL that is used after the RCPT command
check_recipient:
  # Exim 3 had no checking on -bs messages, so for compatibility
  # we accept if the source is local SMTP (i.e. not over TCP/IP).
  # We do this by testing for an empty sending host field.
  accept  hosts = :
  
  # Check sending hosts against DNS black lists.
  # Reject message if address listed in blacklist.
  deny message = rejected because $sender_host_address is blacklisted at $dnslist_domain\n $dnslist_text
  dnslists = relays.ordb.org : list.dsbl.org : blackholes.easynet.nl : spamsites.relays.osirusoft.com : sbl.spamhaus.org :   xbl.spamhaus.org : blackholes.mail-abuse.org

  # Accept bounces to lists even if callbacks or other checks would fail
  warn     message      = X-WhitelistedRCPT-nohdrfromcallback: Yes
           condition    = \
           ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                     {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
                {yes}{no}}

  accept   condition    = \
           ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                     {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
                {yes}{no}}


  # Accept bounces to lists even if callbacks or other checks would fail
  warn     message      = X-WhitelistedRCPT-nohdrfromcallback: Yes
           condition    = \
           ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                     {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
                {yes}{no}}

  accept   condition    = \
           ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
                     {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
                {yes}{no}}

  #if it gets here it isn't mailman
                                                                                                                                           
  #sender verifications are required for all messages that are not sent to lists
                                                                                                                                           
  require verify = sender
  accept  domains = +local_domains
  endpass
                                                                                                                                           
  #recipient verifications are required for all messages that are not sent to the local machine
  #this was done at multiple users requests
                                                                                                                                           
  message = "The recipient cannot be verified.  Please check all recipients of this message to verify they are valid."
  verify = recipient
                                                                                                                                           
  accept  domains = +relay_domains

  warn  message = ${perl{popbeforesmtpwarn}{$sender_host_name}}
        hosts = +relay_hosts
  accept  hosts = +relay_hosts
                                                                                
  warn  message = ${perl{popbeforesmtpwarn}{$sender_host_address}}
        condition = ${perl{checkrelayhost}{$sender_host_address}}
  accept  condition = ${perl{checkrelayhost}{$sender_host_address}}

  accept  hosts = +auth_relay_hosts
          endpass
          message = $sender_fullhost is currently not permitted to \
                        relay through this server. Perhaps you \
                        have not logged into the pop/imap server in the \
                        last 30 minutes or do not have SMTP Authentication turned on in your email client.
          authenticated = *

  deny    message = $sender_fullhost is currently not permitted to \
                        relay through this server. Perhaps you \
                        have not logged into the pop/imap server in the \
                        last 30 minutes or do not have SMTP Authentication turned on in your email client.


#!!# ACL that is used after the DATA command
check_message:
  require verify = header_sender

  accept

# Allow mail to postmaster on blacklisted local domains
# Mail to postmaster is never blocked by any subsequent tests.
accept local_parts = postmaster
domains = +local_domains

# Requires the sender address to be verified.
require verify = sender
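
Added example, not part of the thread or of cPanel's configuration: a Python version of the lookup that a `dnslists` condition performs (reverse the connecting IP's octets, append the zone, ask for an A record), plus the RFC 5782 self-test that shows whether a zone on the list still works before it is trusted to reject mail. The zones under dnsbl.example, the sample answers and the function names are constructed for illustration.

```python
import ipaddress
import socket

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")
# Spamhaus answers in 127.255.255.0/24 are error codes (query refused etc.), not listings.
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")

def system_resolver(name):
    """Return the A records for name, or [] when it does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def query_name(ip, zone):
    """DNSBL query name: the IPv4 octets reversed, followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def lookup(ip, zone, resolver=system_resolver):
    """Classify one lookup as 'listed', 'clean' or 'error'."""
    answers = [ipaddress.ip_address(a) for a in resolver(query_name(ip, zone))]
    if not answers:
        return "clean"
    if any(a in ERROR_NET or a not in LISTED_NET for a in answers):
        return "error"
    return "listed"

def zone_health(zone, resolver=system_resolver):
    """RFC 5782 self-test: 127.0.0.2 must be listed, 127.0.0.1 must not be."""
    test = lookup("127.0.0.2", zone, resolver)
    if test != "listed":
        return "dead" if test == "clean" else "error"
    if lookup("127.0.0.1", zone, resolver) != "clean":
        return "lists-everything"
    return "ok"

# Constructed sample answers for hypothetical zones (not real DNS data).
SAMPLE = {
    "2.0.0.127.good.dnsbl.example": ["127.0.0.2"],
    "10.113.0.203.good.dnsbl.example": ["127.0.0.4"],
    "2.0.0.127.refused.dnsbl.example": ["127.255.255.254"],
}

def sample_resolver(name):
    """Offline stand-in for DNS: 'wild' answers every name, 'gone' answers none."""
    if name.endswith(".wild.dnsbl.example"):
        return ["127.0.0.2"]
    return SAMPLE.get(name, [])

if __name__ == "__main__":
    for zone in ("good", "wild", "gone", "refused"):
        print(zone, zone_health(zone + ".dnsbl.example", sample_resolver))
    print(lookup("203.0.113.10", "good.dnsbl.example", sample_resolver))
```

Called without the `resolver` argument, `zone_health` and `lookup` use the system resolver, so running them on the mail server itself tests each zone the same way the server's own DNS sees it.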
 

lehels

exim blacklist?

exim.conf:
#
# Trap Failures to Remote Domain
#

fail_remote_domains:
driver = redirect
domains = ! +local_domains
allow_fail
data = ":fail: The mail server could not deliver mail to $local_part@$domain. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries."


the SMTP transaction test:

>>> using ACL "check_recipient"
>>> processing "accept"
>>> check hosts = :
>>> host in ":"? no (end of list)
>>> accept: condition test failed
>>> processing "warn"
>>> check condition = ${if and {{match{$local_part}{(.*)-bounces\+.*}} {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} {yes}{no}}
>>> = no
>>> warn: condition test failed
>>> processing "accept"
>>> check condition = ${if and {{match{$local_part}{(.*)-bounces\+.*}} {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} {yes}{no}}
>>> = no
>>> accept: condition test failed
>>> processing "warn"
>>> check condition = ${if and {{match{$local_part}{(.*)-bounces\+.*}} {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} {yes}{no}}
>>> = no
>>> warn: condition test failed
>>> processing "accept"
>>> check condition = ${if and {{match{$local_part}{(.*)-bounces\+.*}} {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} {yes}{no}}
>>> = no
>>> accept: condition test failed
>>> processing "require"
>>> check verify = recipient
>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>> routing [email protected]
>>> psitest.ro in "lsearch;/etc/localdomains"? no (end of list)
>>> psitest.ro in "+local_domains"? no (end of list)
>>> psitest.ro in "! +local_domains"? yes (end of list)
>>> psitest.ro in "! +local_domains"? yes (end of list)
>>> calling lookuphost router
>>> lookuphost router declined for [email protected]
>>> psitest.ro in "! +local_domains"? yes (end of list)
>>> calling literal router
>>> literal router declined for [email protected]
>>> psitest.ro in "! +local_domains"? yes (end of list)
>>> calling fail_remote_domains router
>>> fail_remote_domains router forced address failure
>>> ----------- end verify ------------
>>> require: condition test failed

550-The mail server could not deliver mail to [email protected]. The account
550-or domain may not exist, they may be blacklisted, or missing the proper dns
550 entries.
LOG: H=() [74.53.81.130] F=<[email protected]> rejected RCPT [email protected]: The mail server could not deliver mail to [email protected]. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.

----

beeline.ro is hosted on our server.
psitest.ro is not hosted by us, so it shouldn't be [it isn't] in /etc/localdomains.

The domain is not blacklisted, and has proper DNS entries.

Why does the message still fail to leave? OK, the accept condition failed, but why is it failing?

thank you,
Lehel